Popa et al., 2010 - Google Patents
CloudPolice: taking access control out of the networkPopa et al., 2010
View PDF- Document ID
- 6832104268419203335
- Author
- Popa L
- Yu M
- Ko S
- Ratnasamy S
- Stoica I
- Publication year
- Publication venue
- Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks
External Links
Snippet
Cloud computing environments impose new challenges on access control techniques due to multi-tenancy, the growing scale and dynamicity of hosts within the cloud infrastructure, and the increasing diversity of cloud network architectures. The majority of existing access …
- 238000000034 method 0 abstract description 13
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0254—Stateful filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/24—Flow control or congestion control depending on the type of traffic, e.g. priority or quality of service [QoS]
- H04L47/2441—Flow classification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/12—Congestion avoidance or recovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. local area networks [LAN], wide area networks [WAN]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/70—Virtual switches
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/10—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/08—Configuration management of network or network elements
- H04L41/0893—Assignment of logical groupings to network elements; Policy based network management or configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Popa et al. | CloudPolice: taking access control out of the network | |
| Bhushan et al. | Distributed denial of service (DDoS) attack mitigation in software defined network (SDN)-based cloud computing environment | |
| US20210344692A1 (en) | Providing a virtual security appliance architecture to a virtual cloud infrastructure | |
| Islam et al. | Distblacknet: A distributed secure black sdn-iot architecture with nfv implementation for smart cities | |
| US11159487B2 (en) | Automatic configuration of perimeter firewalls based on security group information of SDN virtual firewalls | |
| Sahoo et al. | Toward secure software-defined networks against distributed denial of service attack | |
| Rawat et al. | Software defined networking architecture, security and energy efficiency: A survey | |
| Goltzsche et al. | Endbox: Scalable middlebox functions using client-side trusted execution | |
| Chen et al. | SDNShield: Towards more comprehensive defense against DDoS attacks on SDN control plane | |
| US10116696B2 (en) | Network privilege manager for a dynamically programmable computer network | |
| WO2012172509A2 (en) | Systems and methods that perform application request throttling in a distributed computing environment | |
| CN110226155B (en) | Collecting and processing context attributes on a host | |
| US10313396B2 (en) | Routing and/or forwarding information driven subscription against global security policy data | |
| Khalaf et al. | A simulation study of syn flood attack in cloud computing environment | |
| Polat et al. | The effects of DoS attacks on ODL and POX SDN controllers | |
| Csikor et al. | Tuple space explosion: A denial-of-service attack against a software packet classifier | |
| Zhang et al. | Tripod: Towards a scalable, efficient and resilient cloud gateway | |
| Li et al. | SDN-based stateful firewall for cloud | |
| Rao et al. | SEDoS-7: a proactive mitigation approach against EDoS attacks in cloud computing | |
| Parashar et al. | A survey of attacks and their mitigations in software defined networks | |
| Shukhman et al. | Development of network security tools for enterprise software-defined networks | |
| US11671404B2 (en) | Policy based mechanism to efficiently interpret and block insecure network communication | |
| Feng et al. | An End-Host-Importance-Aware Secure Service-Enabled Hybrid SDN Deployment | |
| Singh et al. | Performance analysis of emm an edos mitigation technique in cloud computing environment | |
| Beaubrun et al. | A Secure Access Control Architecture for Multi-Tenancy Cloud Environments |